Restricting a port by source IP with iptables

# Generated by iptables-save v1.4.7 on Thu Jan  2 16:43:51 2014

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

-I INPUT -p TCP --dport 9200 -j DROP

-I INPUT -s x.x.x.x/24 -p tcp --dport 9200 -j ACCEPT

-I INPUT -s x.x.x.x/24 -p tcp --dport 9200 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 9201:9300 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 19100:19150 -j ACCEPT

COMMIT

# Completed on Thu Jan  2 16:43:51 2014
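
The effect of mixing -A and -I in this file, as an added example that is not part of the original page: a small Python model replays the rules into the effective INPUT chain order and returns first-match verdicts. The subnets 192.0.2.0/24 and 198.51.100.0/24 and the test addresses are constructed stand-ins for the redacted x.x.x.x/24 values, and the state match is ignored (each packet is treated as the first packet of a new connection).

```python
import ipaddress

# Rule lines in file order; 192.0.2.0/24 and 198.51.100.0/24 are constructed
# stand-ins for the redacted x.x.x.x/24 sources.
RULES = """\
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-I INPUT -p TCP --dport 9200 -j DROP
-I INPUT -s 192.0.2.0/24 -p tcp --dport 9200 -j ACCEPT
-I INPUT -s 198.51.100.0/24 -p tcp --dport 9200 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9201:9300 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 19100:19150 -j ACCEPT
"""
POLICY = "ACCEPT"  # from ":INPUT ACCEPT [0:0]"

def parse(line):
    tok = line.split()
    opt = {tok[i]: tok[i + 1] for i in range(0, len(tok), 2)}
    lo, _, hi = opt.get("--dport", "0:65535").partition(":")
    return {
        "insert": "-I" in opt,
        "proto": opt.get("-p", "all").lower(),
        "iface": opt.get("-i"),
        "src": ipaddress.ip_network(opt.get("-s", "0.0.0.0/0")),
        "ports": (int(lo), int(hi or lo)),
        "target": opt["-j"],
    }

def build_chain(text):
    chain = []
    for rule in map(parse, text.splitlines()):
        # -I without a rule number inserts at position 1; -A appends.
        chain.insert(0 if rule["insert"] else len(chain), rule)
    return chain

def verdict(chain, src, proto, dport=0, iface="eth0"):
    # The state match is ignored: every packet is treated as a NEW connection.
    for r in chain:
        if (r["proto"] in ("all", proto) and r["iface"] in (None, iface)
                and ipaddress.ip_address(src) in r["src"]
                and r["ports"][0] <= dport <= r["ports"][1]):
            return r["target"]
    return POLICY  # no rule matched: the chain policy decides

if __name__ == "__main__":
    for src, port in [("192.0.2.10", 9200), ("203.0.113.5", 9200), ("203.0.113.5", 3306)]:
        print(src, port, verdict(build_chain(RULES), src, "tcp", port))
```

Because the INPUT policy is ACCEPT and no rule drops unmatched traffic, the port 3306 case is accepted: only 9200 is actually restricted by this ruleset.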
